In the claims:

All claims presented for examination are listed below. 

[[Claim 1:]] 1. (Currently amended) A method [[and apparatus to secure]] for a second operation
of authenticating a user and securing an online [[transactions]] transaction over [[the phone]] a
telephone, comprising:

(a) providing a card reader connecting a smart card to a telephone; 

(b) [[-]] [[a smart card]] transmitting [[a]] from the smart card at least an
identification sequence for the user to an IVR server connected to a telephone line in the
form of a modulated signal;

[[a card reader plugged into the telephone line]]
[[-]] (c) an IVR applet demodulating the identification sequence at the IVR server.

and 

(d) authenticating the user and the transaction at an application server receiving
the demodulated identification sequence from the IVR server over a communication
network wherein data processing required for generating, transmitting and authenticating
the user occur without data processing assistance from [illegible]
processing memo within the card reader.

[[Claim 2: A]] 2. (Currently amended) The method [[as in]] of claim 1, wherein the
identification sequence comprises at least a unique card number and a random number,
the random number valid only once.

[[Claim 3: A]] 3. (Currently amended) The method as in claim 2, wherein the random
number is a session key (Ki) which is not transmitted to the authentication server.

[[Claim 4: A]] 4. (Currently amended) The method as in claim 3, wherein the session key
(Ki) is a function of [[the]] a previous one (Ki-1) emitted by the card such as: Ki = G(Ki-1),
G is a one-way function [[also]] wherein (Ki-1) is known by the authentication server.

[[Claim 5: A]] 5. (Currently amended) The method [[as in]] of claim 4, wherein the session key
(Ki) is used by the IVR applet to encrypt [[the]] a PIN entered by the user; [[said]] wherein
an encryption code is transmitted to the authentication server along with the card number.

[[Claim 6: A]] 6. (Currently amended) The method [[as in]] of claim 5, wherein the
authentication server decrypts the encryption code to retrieve the user PIN, using a
session key deduced from the previous one (Ki-1) stored in [[the]] a database at the
authentication server [[database]].

Claim 7. (Currently amended) The method [[as in]] of claim 6, wherein the
authentication is valid only if the decrypted PIN and the PIN stored in the database are
identical; if this is the case, the authentication server replaces (Ki-1) by (Ki) in the
database and (Ki) cannot be reused.

8-13. (Canceled) 

14. (New) A system for authenticating a user and securing online transactions for a user
over a telephone, comprising:

a card reader connected to the telephone and the telephone connected to a 
telephone line; 

a smart card connected to the card reader for transmitting at least an identification 
sequence for the user; 

an IVR server connected to the telephone line; and 

an application server connected to the IVR server over a communication network;

wherein the system authenticates the user and the online transactions by the
application server which receives the demodulated identification sequence from the IVR 
server over a communication network and compares the received identification sequence 
with identification information in database accessible to the user and all of the data 
processing required to transmit information and authenticate the user occurs outside of 
the card reader. 

15. (New) The system of claim 14, wherein the identification sequence comprises at least
a unique card number and a random number valid only once. 

16. (New) The system of claim 14, wherein the random number is a session key (Ki) 
which is not transmitted to the authentication server. 

17. (New) The system of claim 14, wherein the session key (Ki) is a function of a
previous one (Ki-1) emitted by the card such as: Ki = G(Ki-1), G is a one-way function,
wherein (Ki-1) is known by the authentication server.

18. (New) The system of claim 14, wherein the session key (Ki) is used by the IVR applet 
to encrypt a PIN entered by the user; said encryption code is transmitted to the 
authentication server along with the card number. 

19. (New) The system of claim 14, wherein the authentication server decrypts the 
encryption code to retrieve the user PIN, using a session key deduced from the previous 
one (Ki-1) stored in a database at the authentication server.

20. (New) The system of claim 14, wherein the authentication is valid only if the 
decrypted PIN and the PIN stored in the database are identical; if this is the case, the 
authentication server replaces (Ki-1) by (Ki) in the database and (Ki) cannot be reused. 

21. (New) The system of claim 14, wherein the smart card is powered by the voltage
provided by the telephone line. 

22. (New) The system of claim 14, wherein the smart card transmits the modulated signal 
to the telephone line through an ISO contact. 

23. (New) The system of claim 14, wherein the card reader is further integrated into the
telephone handset.
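
The session-key chain recited in claims 4-7 and 17-20, sketched as an added example that is not part of the application: the card emits Ki = G(Ki-1), the IVR applet encrypts the PIN under Ki, and the server deduces Ki from its stored Ki-1. SHA-256 as G, the HMAC-derived XOR pad standing in for the cipher, the card advancing on every emission, and all names and values (Card, AuthServer, CARD-0001, the PINs) are assumptions; the claims specify none of them.

```python
import hashlib
import hmac

def G(k_prev: bytes) -> bytes:
    """One-way step Ki = G(Ki-1). SHA-256 is an assumption; the claims name no function."""
    return hashlib.sha256(b"G|" + k_prev).digest()

def pin_cipher(ki: bytes, card_number: str, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a pad derived from Ki and the card number."""
    pad = hmac.new(ki, card_number.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class Card:
    def __init__(self, card_number: str, k0: bytes):
        self.card_number, self.k = card_number, k0

    def emit(self) -> bytes:
        self.k = G(self.k)  # every emission consumes one chain step
        return self.k

def ivr_encrypt(card: Card, pin: str):
    """IVR applet: encrypt the PIN under Ki; only (card number, code) is sent on."""
    return card.card_number, pin_cipher(card.emit(), card.card_number, pin.encode())

class AuthServer:
    def __init__(self):
        self.db = {}  # card number -> [Ki-1, stored PIN]

    def enroll(self, card_number: str, k0: bytes, pin: str):
        self.db[card_number] = [k0, pin.encode()]

    def authenticate(self, card_number: str, code: bytes) -> bool:
        rec = self.db.get(card_number)
        if rec is None or len(code) != len(rec[1]):
            return False
        ki = G(rec[0])  # deduce Ki from the stored Ki-1
        if not hmac.compare_digest(pin_cipher(ki, card_number, code), rec[1]):
            return False
        rec[0] = ki  # replace Ki-1 by Ki, so Ki cannot be reused
        return True

def demo():
    k0 = hashlib.sha256(b"constructed demo seed").digest()  # constructed value
    card, srv = Card("CARD-0001", k0), AuthServer()
    srv.enroll("CARD-0001", k0, "4821")
    first = ivr_encrypt(card, "4821")
    results = [srv.authenticate(*first), srv.authenticate(*first)]  # valid, then replay
    results.append(srv.authenticate(*ivr_encrypt(card, "4821")))  # next key in chain
    results.append(srv.authenticate(*ivr_encrypt(card, "0000")))  # wrong PIN
    results.append(srv.authenticate(*ivr_encrypt(card, "4821")))  # card now one step ahead
    return results
```

demo() returns the outcomes for a valid attempt, a replay of the same code, the next key in the chain, a wrong PIN, and a correct PIN after that rejection. The last attempt fails under this reading because the server advances its stored key only on success while the card advances on every emission, a resynchronisation case the claims do not address.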